<!DOCTYPE html>
<html lang="zh-CN">

<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=2">
  <meta name="theme-color" content="#222">
  <meta name="generator" content="Hexo 5.4.0">


  <link rel="apple-touch-icon" sizes="180x180" href="/images/apple-touch-icon-next.png">
  <link rel="icon" type="image/png" sizes="32x32" href="/images/favicon-32x32-next.png">
  <link rel="icon" type="image/png" sizes="16x16" href="/images/favicon-16x16-next.png">
  <link rel="mask-icon" href="/images/logo.svg" color="#222">

  <link rel="stylesheet" href="/css/main.css">



  <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5.15.2/css/all.min.css">
  <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/animate.css@3.1.1/animate.min.css">

  <script class="hexo-configurations">
    var NexT = window.NexT || {};
    var CONFIG = {
      "hostname": "holidaypenguin.gitee.io",
      "root": "/",
      "images": "/images",
      "scheme": "Mist",
      "version": "8.2.2",
      "exturl": false,
      "sidebar": {
        "position": "right",
        "display": "always",
        "padding": 18,
        "offset": 12
      },
      "copycode": true,
      "bookmark": {
        "enable": false,
        "color": "#222",
        "save": "auto"
      },
      "fancybox": false,
      "mediumzoom": false,
      "lazyload": false,
      "pangu": false,
      "comments": {
        "style": "tabs",
        "active": null,
        "storage": true,
        "lazyload": false,
        "nav": null
      },
      "motion": {
        "enable": true,
        "async": true,
        "transition": {
          "post_block": "fadeIn",
          "post_header": "fadeInDown",
          "post_body": "fadeInDown",
          "coll_header": "fadeInLeft",
          "sidebar": "slideUpIn"
        }
      },
      "prism": false,
      "i18n": {
        "placeholder": "搜索...",
        "empty": "没有找到任何搜索结果：${query}",
        "hits_time": "找到 ${hits} 个搜索结果（用时 ${time} 毫秒）",
        "hits": "找到 ${hits} 个搜索结果"
      },
      "path": "/search.xml",
      "localsearch": {
        "enable": true,
        "trigger": "auto",
        "top_n_per_article": 1,
        "unescape": false,
        "preload": false
      }
    };
  </script>
  <meta property="og:type" content="article">
  <meta property="og:title" content="前端敏感数据加密方案及实现">
  <meta property="og:url" content="https://holidaypenguin.gitee.io/blob/2021-05-17-encryption-scheme-and-implementation-of-front-end-sensitive-data/index.html">
  <meta property="og:site_name" content="HolidayPenguin">
  <meta property="og:locale" content="zh_CN">
  <meta property="og:image" content="https://visitor-badge.glitch.me/badge?page_id=holidaypenguin.gitee.io">
  <meta property="og:image" content="https://holidaypenguin.gitee.io/images/FrontEnd/0010.gif">
  <meta property="og:image" content="https://holidaypenguin.gitee.io/images/FrontEnd/0011.jpg">
  <meta property="og:image" content="https://holidaypenguin.gitee.io/images/FrontEnd/0012.jpg">
  <meta property="og:image" content="https://holidaypenguin.gitee.io/images/FrontEnd/0013.jpg">
  <meta property="og:image" content="https://holidaypenguin.gitee.io/images/FrontEnd/0014.jpg">
  <meta property="og:image" content="https://holidaypenguin.gitee.io/images/FrontEnd/0015.gif">
  <meta property="article:published_time" content="2021-05-17T09:19:38.000Z">
  <meta property="article:modified_time" content="2021-05-17T09:19:38.000Z">
  <meta property="article:author" content="holidaypenguin">
  <meta property="article:tag" content="FrontEnd">
  <meta property="article:tag" content="加密">
  <meta property="article:tag" content="对称加密">
  <meta property="article:tag" content="非对称加密">
  <meta name="twitter:card" content="summary">
  <meta name="twitter:image" content="https://visitor-badge.glitch.me/badge?page_id=holidaypenguin.gitee.io">


  <link rel="canonical" href="https://holidaypenguin.gitee.io/blob/2021-05-17-encryption-scheme-and-implementation-of-front-end-sensitive-data/">


  <script class="page-configurations">
    // https://hexo.io/docs/variables.html
    CONFIG.page = {
      sidebar: "",
      isHome: false,
      isPost: true,
      lang: 'zh-CN'
    };
  </script>
  <title>前端敏感数据加密方案及实现 | HolidayPenguin</title>





  <noscript>
    <style>
      body {
        margin-top: 2rem;
      }

      .use-motion .menu-item,
      .use-motion .sidebar,
      .use-motion .post-block,
      .use-motion .pagination,
      .use-motion .comments,
      .use-motion .post-header,
      .use-motion .post-body,
      .use-motion .collection-header {
        visibility: visible;
      }

      .use-motion .header,
      .use-motion .site-brand-container .toggle,
      .use-motion .footer {
        opacity: initial;
      }

      .use-motion .site-title,
      .use-motion .site-subtitle,
      .use-motion .custom-logo-image {
        opacity: initial;
        top: initial;
      }

      .use-motion .logo-line {
        transform: scaleX(1);
      }

      .search-pop-overlay,
      .sidebar-nav {
        display: none;
      }

      .sidebar-panel {
        display: block;
      }
    </style>
  </noscript>

</head>

<body itemscope itemtype="http://schema.org/WebPage" class="use-motion">
  <div class="headband"></div>

  <main class="main">
    <header class="header" itemscope itemtype="http://schema.org/WPHeader">
      <div class="header-inner">
        <div class="site-brand-container">
          <div class="site-nav-toggle">
            <div class="toggle" aria-label="切换导航栏" role="button">
              <span class="toggle-line"></span>
              <span class="toggle-line"></span>
              <span class="toggle-line"></span>
            </div>
          </div>

          <div class="site-meta">

            <a href="/" class="brand" rel="start">
              <i class="logo-line"></i>
              <h1 class="site-title">HolidayPenguin</h1>
              <i class="logo-line"></i>
            </a>
          </div>

          <div class="site-nav-right">
            <div class="toggle popup-trigger">
              <i class="fa fa-search fa-fw fa-lg"></i>
            </div>
          </div>
        </div>



        <nav class="site-nav">
          <ul class="main-menu menu">
            <li class="menu-item menu-item-home"><a href="/" rel="section"><i class="fa fa-home fa-fw"></i>首页</a></li>
            <li class="menu-item menu-item-tags"><a href="/tags/" rel="section"><i class="fa fa-tags fa-fw"></i>标签</a></li>
            <li class="menu-item menu-item-categories"><a href="/categories/" rel="section"><i class="fa fa-th fa-fw"></i>分类</a></li>
            <li class="menu-item menu-item-archives"><a href="/archives/" rel="section"><i class="fa fa-archive fa-fw"></i>归档</a></li>
            <li class="menu-item menu-item-search">
              <a role="button" class="popup-trigger"><i class="fa fa-search fa-fw"></i>搜索
              </a>
            </li>
          </ul>
        </nav>



        <div class="search-pop-overlay">
          <div class="popup search-popup">
            <div class="search-header">
              <span class="search-icon">
                <i class="fa fa-search"></i>
              </span>
              <div class="search-input-container">
                <input autocomplete="off" autocapitalize="off" maxlength="80" placeholder="搜索..." spellcheck="false" type="search" class="search-input">
              </div>
              <span class="popup-btn-close" role="button">
                <i class="fa fa-times-circle"></i>
              </span>
            </div>
            <div class="search-result-container no-result">
              <div class="search-result-icon">
                <i class="fa fa-spinner fa-pulse fa-5x"></i>
              </div>
            </div>

          </div>
        </div>

      </div>


      <div class="toggle sidebar-toggle" role="button">
        <span class="toggle-line"></span>
        <span class="toggle-line"></span>
        <span class="toggle-line"></span>
      </div>

      <aside class="sidebar">

        <div class="sidebar-inner sidebar-nav-active sidebar-toc-active">
          <ul class="sidebar-nav">
            <li class="sidebar-nav-toc">
              文章目录
            </li>
            <li class="sidebar-nav-overview">
              站点概览
            </li>
          </ul>

          <div class="sidebar-panel-container">
            <!--noindex-->
            <div class="post-toc-wrap sidebar-panel">
              <div class="post-toc animated">
                <ol class="nav">
                  <li class="nav-item nav-level-2"><a class="nav-link" href="#%E6%95%B0%E6%8D%AE%E6%B3%84%E9%9C%B2%E6%96%B9%E5%BC%8F"><span class="nav-number">1.</span> <span class="nav-text">数据泄露方式</span></a></li>
                  <li class="nav-item nav-level-2"><a class="nav-link" href="#%E5%8A%A0%E5%AF%86%E7%AE%97%E6%B3%95%E4%BB%8B%E7%BB%8D"><span class="nav-number">2.</span> <span class="nav-text">加密算法介绍</span></a></li>
                  <li class="nav-item nav-level-2"><a class="nav-link" href="#%E5%AE%9E%E7%8E%B0%E6%96%B9%E6%A1%88"><span class="nav-number">3.</span> <span class="nav-text">实现方案</span></a></li>
                  <li class="nav-item nav-level-2"><a class="nav-link" href="#%E4%BB%A3%E7%A0%81%E5%AE%9E%E7%8E%B0"><span class="nav-number">4.</span> <span class="nav-text">代码实现</span></a>
                    <ol class="nav-child">
                      <li class="nav-item nav-level-3"><a class="nav-link" href="#%E5%AE%A2%E6%88%B7%E7%AB%AF%EF%BC%9A"><span class="nav-number">4.1.</span> <span class="nav-text">客户端：</span></a></li>
                      <li class="nav-item nav-level-3"><a class="nav-link" href="#%E6%9C%8D%E5%8A%A1%E7%AB%AF%EF%BC%88Node%EF%BC%89%EF%BC%9A"><span class="nav-number">4.2.</span> <span class="nav-text">服务端（Node）：</span></a></li>
                    </ol>
                  </li>
                  <li class="nav-item nav-level-2"><a class="nav-link" href="#%E6%BC%94%E7%A4%BA%E6%95%88%E6%9E%9C"><span class="nav-number">5.</span> <span class="nav-text">演示效果</span></a></li>
                  <li class="nav-item nav-level-2"><a class="nav-link" href="#%E6%80%BB%E7%BB%93"><span class="nav-number">6.</span> <span class="nav-text">总结</span></a></li>
                </ol>
                </li>
                <li class="nav-item nav-level-1"><a class="nav-link" href="#%E5%8F%82%E8%80%83%E6%96%87%E7%8C%AE"><span class="nav-number"></span> <span class="nav-text">参考文献</span></a>
              </div>
            </div>
            <!--/noindex-->

            <div class="site-overview-wrap sidebar-panel">
              <div class="site-author site-overview-item animated" itemprop="author" itemscope itemtype="http://schema.org/Person">
                <p class="site-author-name" itemprop="name">holidaypenguin</p>
                <div class="site-description" itemprop="description"></div>
              </div>
              <div class="site-state-wrap site-overview-item animated">
                <nav class="site-state">
                  <div class="site-state-item site-state-posts">
                    <a href="/archives/">

                      <span class="site-state-item-count">138</span>
                      <span class="site-state-item-name">日志</span>
                    </a>
                  </div>
                  <div class="site-state-item site-state-categories">
                    <a href="/categories/">

                      <span class="site-state-item-count">26</span>
                      <span class="site-state-item-name">分类</span></a>
                  </div>
                  <div class="site-state-item site-state-tags">
                    <a href="/tags/">

                      <span class="site-state-item-count">234</span>
                      <span class="site-state-item-name">标签</span></a>
                  </div>
                </nav>
              </div>
              <div class="links-of-author site-overview-item animated">
                <span class="links-of-author-item">
                  <a href="https://github.com/holidaypenguin" title="GitHub → https:&#x2F;&#x2F;github.com&#x2F;holidaypenguin" rel="noopener" target="_blank"><i class="github fa-fw"></i>GitHub</a>
                </span>
                <span class="links-of-author-item">
                  <a href="mailto:songshipeng2016@gmail.com" title="E-Mail → mailto:songshipeng2016@gmail.com" rel="noopener" target="_blank"><i class="envelope fa-fw"></i>E-Mail</a>
                </span>
              </div>



            </div>
          </div>
        </div>
      </aside>
      <div class="sidebar-dimmer"></div>


    </header>


    <div class="back-to-top" role="button">
      <i class="fa fa-arrow-up"></i>
      <span>0%</span>
    </div>

    <noscript>
      <div class="noscript-warning">Theme NexT works best with JavaScript enabled</div>
    </noscript>


    <div class="main-inner post posts-expand">





      <div class="post-block">



        <article itemscope itemtype="http://schema.org/Article" class="post-content" lang="zh-CN">
          <link itemprop="mainEntityOfPage" href="https://holidaypenguin.gitee.io/blob/2021-05-17-encryption-scheme-and-implementation-of-front-end-sensitive-data/">

          <span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
            <meta itemprop="image" content="/images/avatar.gif">
            <meta itemprop="name" content="holidaypenguin">
            <meta itemprop="description" content="">
          </span>

          <span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
            <meta itemprop="name" content="HolidayPenguin">
          </span>
          <header class="post-header">
            <h1 class="post-title" itemprop="name headline">
              前端敏感数据加密方案及实现
            </h1>

            <div class="post-meta-container">
              <div class="post-meta">
                <span class="post-meta-item">
                  <span class="post-meta-item-icon">
                    <i class="far fa-calendar"></i>
                  </span>
                  <span class="post-meta-item-text">发表于</span>

                  <time title="创建时间：2021-05-17 17:19:38" itemprop="dateCreated datePublished" datetime="2021-05-17T17:19:38+08:00">2021-05-17</time>
                </span>
                <span class="post-meta-item">
                  <span class="post-meta-item-icon">
                    <i class="far fa-folder"></i>
                  </span>
                  <span class="post-meta-item-text">分类于</span>
                  <span itemprop="about" itemscope itemtype="http://schema.org/Thing">
                    <a href="/categories/FrontEnd/" itemprop="url" rel="index"><span itemprop="name">FrontEnd</span></a>
                  </span>
                </span>


                <span id="/blob/2021-05-17-encryption-scheme-and-implementation-of-front-end-sensitive-data/" class="post-meta-item leancloud_visitors" data-flag-title="前端敏感数据加密方案及实现" title="阅读次数">
                  <span class="post-meta-item-icon">
                    <i class="far fa-eye"></i>
                  </span>
                  <span class="post-meta-item-text">阅读次数：</span>
                  <span class="leancloud-visitors-count"></span>
                </span>
              </div>

              <div class="post-description">
                <!-- more -->
              </div>
            </div>
          </header>




          <div class="post-body" itemprop="articleBody">
            <p><a target="_blank" rel="noopener" href="https://github.com/jwenjian/visitor-count-badge"><img src="" data-original="https://visitor-badge.glitch.me/badge?page_id=holidaypenguin.gitee.io" alt="总访客数量"></a></p>
            <p><strong>前言</strong></p>
            <p>现在是大数据时代，需要收集大量的个人信息用于统计。一方面它给我们带来了便利，另一方面一些个人信息数据在无意间被泄露，被非法分子用于推销和黑色产业。</p>
            <p>2018 年 5 月 25 日，欧盟已经强制执行《通用数据保护条例》（General Data Protection Regulation，缩写作 GDPR）。该条例是欧盟法律中对所有欧盟个人关于数据保护和隐私的规范。这意味着个人数据必须使用假名化或匿名化进行存储，并且默认使用尽可能最高的隐私设置，以避免数据泄露。</p>
            <p>相信大家也都不想让自己在外面“裸奔”。所以，作为前端开发人员也应该尽量避免用户个人数据的明文传输，尽可能的降低信息泄露的风险。</p>
            <p>看到这里可能有人会说现在都用 HTTPS 了，数据在传输过程中是加密的，前端就不需要加密了。其实不然，我可以在你发送 HTTPS 请求之前，通过谷歌插件来捕获 HTTPS 请求中的个人信息，下面我会为此演示。所以前端数据加密还是很有必要的。</p>
            <h2 id="数据泄露方式"><a href="#数据泄露方式" class="headerlink" title="数据泄露方式"></a>数据泄露方式</h2>
            <p>中间人攻击</p>
            <p>中间人攻击是常见的攻击方式。<a target="_blank" rel="noopener" href="https://zh.wikipedia.org/wiki/%E4%B8%AD%E9%97%B4%E4%BA%BA%E6%94%BB%E5%87%BB"><strong>详细过程可以参见这里</strong></a></p>
            <p>大概的过程是中间人通过 DNS 欺骗等手段劫持了客户端与服务端的会话。</p>
            <p>客户端、服务端之间的信息都会经过中间人，中间人可以获取和转发两者的信息。在 HTTP 下，前端数据加密还是避免不了数据泄露，因为中间人可以伪造密钥。为了避免中间人攻击，我们一般采用 HTTPS 的形式传输。</p>
            <p><strong>谷歌插件</strong></p>
            <p>HTTPS 虽然可以防止数据在网络传输过程中被劫持，但是在发送 HTTPS 之前，数据还是可以从谷歌插件中泄露出去。</p>
            <p>因为谷歌插件可以捕获 Network 中的所有请求，所以如果某些插件中有恶意的代码还是可以获取到用户信息的，下面为大家演示。</p>
            <p><img src="" data-original="/images/FrontEnd/0010.gif" alt="图片"></p>
            <p>所以光采用 HTTPS，一些敏感信息如果还是以明文的形式传输的话，也是不安全的。如果在 HTTPS 的基础上再进行数据的加密，那相对来说就更好了。</p>
            <h2 id="加密算法介绍"><a href="#加密算法介绍" class="headerlink" title="加密算法介绍"></a>加密算法介绍</h2>
            <ul>
              <li>
                <p>对称加密</p>
                <p>对称加密算法，又称为共享密钥加密算法。在对称加密算法中，使用的密钥只有一个，发送和接收双方都使用这个密钥对数据进行加密和解密。</p>
                <p>这就要求加密和解密方事先都必须知道加密的密钥。其优点是算法公开、计算量小、加密速度快、加密效率高；缺点是密钥泄露之后，数据就会被破解。一般不推荐单独使用。根据实现机制的不同，常见的算法主要有 <a target="_blank" rel="noopener" href="https://zh.wikipedia.org/wiki/%E9%AB%98%E7%BA%A7%E5%8A%A0%E5%AF%86%E6%A0%87%E5%87%86"><strong>AES</strong></a>、<a target="_blank" rel="noopener" href="https://zh.wikipedia.org/wiki/Salsa20#ChaCha20"><strong>ChaCha20</strong></a>、<a target="_blank" rel="noopener" href="https://zh.wikipedia.org/wiki/3DES"><strong>3DES</strong></a>等。</p>
                <p><img src="" data-original="/images/FrontEnd/0011.jpg" alt="图片"></p>
              </li>
              <li>
                <p>非对称加密</p>
                <p>非对称加密算法，又称为公开密钥加密算法。它需要两个密钥，一个称为公开密钥 (public key)，即公钥；另一个称为私有密钥 (private key)，即私钥。</p>
                <p>他俩是配对生成的，就像钥匙和锁的关系。因为加密和解密使用的是两个不同的密钥，所以这种算法称为非对称加密算法。其优点是算法强度复杂、安全性高；缺点是加解密速度没有对称加密算法快。常见的算法主要有 <a target="_blank" rel="noopener" href="https://zh.wikipedia.org/wiki/RSA%E5%8A%A0%E5%AF%86%E6%BC%94%E7%AE%97%E6%B3%95"><strong>RSA</strong></a>、<a target="_blank" rel="noopener" href="https://zh.wikipedia.org/wiki/ElGamal%E5%8A%A0%E5%AF%86%E7%AE%97%E6%B3%95"><strong>Elgamal</strong></a>等。</p>
                <p><img src="" data-original="/images/FrontEnd/0012.jpg" alt="图片"></p>
              </li>
              <li>
                <p>散列算法</p>
                <p>散列算法又称散列函数、哈希函数，是把消息或数据压缩成摘要，使得数据量变小，将数据的格式固定成特定长度的值。一般用于校验数据的完整性，平时我们下载文件就可以校验 MD5 来判断下载的数据是否完整。常见的算法主要有 <a target="_blank" rel="noopener" href="https://zh.wikipedia.org/wiki/MD4"><strong>MD4</strong></a>、<a target="_blank" rel="noopener" href="https://zh.wikipedia.org/wiki/MD5"><strong>MD5</strong></a>、<a target="_blank" rel="noopener" href="https://zh.wikipedia.org/wiki/SHA%E5%AE%B6%E6%97%8F"><strong>SHA</strong></a> 等。</p>
              </li>
            </ul>
            <h2 id="实现方案"><a href="#实现方案" class="headerlink" title="实现方案"></a>实现方案</h2>
            <ul>
              <li>
                <p>方案一：如果用对称加密，那么服务端和客户端都必须知道密钥才行。那服务端势必要把密钥发送给客户端，这个过程中是不安全的，所以单单用对称加密行不通。</p>
              </li>
              <li>
                <p>方案二：如果用非对称加密，客户端的数据通过公钥加密，服务端通过私钥解密，客户端发送数据实现加密没问题。客户端接受数据，需要服务端用公钥加密，然后客户端用私钥解密。所以这个方案需要两套公钥和私钥，需要在客户端和服务端各自生成自己的密钥。</p>
                <p><img src="" data-original="/images/FrontEnd/0013.jpg" alt="图片"></p>
              </li>
              <li>
                <p>方案三：如果把对称加密和非对称加密相结合。客户端需要生成一个对称加密的密钥 1，传输内容与该密钥 1进行对称加密传给服务端，并且把密钥 1 和公钥进行非对称加密，然后也传给服务端。服务端通过私钥把对称加密的密钥 1 解密出来，然后通过该密钥 1 解密出内容。以上是客户端到服务端的过程。如果是服务端要发数据到客户端，就需要把响应数据跟对称加密的密钥 1 进行加密，然后客户端接收到密文，通过客户端的密钥 1 进行解密，从而完成加密传输。</p>
                <p><img src="" data-original="/images/FrontEnd/0014.jpg" alt="图片"></p>
              </li>
              <li>
                <p>总结：以上只是列举了常见的加密方案。总的来看，方案二比较简单，但是需要维护两套公钥和私钥，当公钥变化的时候，必须通知对方，灵活性比较差。方案三相对方案二来说，密钥 1 随时可以变化，并且不需要通知服务端，相对来说灵活性、安全性好点并且方案三对内容是对称加密，当数据量大时，对称加密的速度会比非对称加密快。所以本文采用方案三给予代码实现。</p>
              </li>
            </ul>
            <h2 id="代码实现"><a href="#代码实现" class="headerlink" title="代码实现"></a>代码实现</h2>
            <p>下面是具体的代码实现（以登录接口为例），主要的目的就是要把明文的个人信息转成密文传输。其中对称加密库使用的是 AES，非对称加密库使用的是RSA。</p>
            <h3 id="客户端："><a href="#客户端：" class="headerlink" title="客户端："></a>客户端：</h3>
            <ul>
              <li>AES 库(aes-js)：<a target="_blank" rel="noopener" href="https://github.com/ricmoo/aes-js">https://github.com/ricmoo/aes-js</a></li>
              <li>RSA库(jsencrypt)：<a target="_blank" rel="noopener" href="https://github.com/travist/jsencrypt">https://github.com/travist/jsencrypt</a></li>
              <li>具体代码实现登录接口</li>
            </ul>
            <p>1、客户端需要随机生成一个 aesKey，在页面加载完的时候需要从服务端请求 publicKey</p>
            <figure class="highlight js">
              <table>
                <tr>
                  <td class="gutter">
                    <pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br></pre>
                  </td>
                  <td class="code">
                    <pre><span class="line"><span class="keyword">let</span> aesKey = [<span class="number">1</span>, <span class="number">2</span>, <span class="number">3</span>, <span class="number">4</span>, <span class="number">5</span>, <span class="number">6</span>, <span class="number">7</span>, <span class="number">8</span>, <span class="number">9</span>, <span class="number">10</span>, <span class="number">11</span>, <span class="number">12</span>, <span class="number">13</span>, <span class="number">14</span>, <span class="number">15</span>, <span class="number">16</span>]; <span class="comment">// 随机产生</span></span><br><span class="line"><span class="keyword">let</span> publicKey = <span class="string">&quot;&quot;</span>; <span class="comment">// 公钥会从服务端获取</span></span><br><span class="line"></span><br><span class="line"><span class="comment">// 页面加载完之后，就去获取公钥</span></span><br><span class="line"><span class="built_in">window</span>.onload = <span class="function">() =&gt;</span> &#123;</span><br><span class="line">  axios(&#123;</span><br><span class="line">    method: <span class="string">&quot;GET&quot;</span>,</span><br><span class="line">    headers: &#123; <span class="string">&quot;content-type&quot;</span>: <span class="string">&quot;application/x-www-form-urlencoded&quot;</span> &#125;,</span><br><span class="line">    url: <span class="string">&quot;http://localhost:3000/getPub&quot;</span>,</span><br><span class="line">  &#125;)</span><br><span class="line">    .then(<span class="function"><span class="keyword">function</span> (<span class="params">result</span>) </span>&#123;</span><br><span class="line">      publicKey = result.data.data; <span class="comment">// 获取公钥</span></span><br><span class="line">    &#125;)</span><br><span class="line">    .catch(<span class="function"><span class="keyword">function</span> (<span class="params">error</span>) </span>&#123;</span><br><span class="line">      <span class="built_in">console</span>.log(error);</span><br><span class="line">    &#125;);</span><br><span class="line">&#125;;</span><br></pre>
                  </td>
                </tr>
              </table>
            </figure>

            <p>2、aes 加密和解密方法</p>
            <figure class="highlight js">
              <table>
                <tr>
                  <td class="gutter">
                    <pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br></pre>
                  </td>
                  <td class="code">
                    <pre><span class="line"><span class="comment">/**</span></span><br><span class="line"><span class="comment"> * aes加密方法</span></span><br><span class="line"><span class="comment"> * <span class="doctag">@param <span class="type">&#123;string&#125;</span> </span>text 待加密的字符串</span></span><br><span class="line"><span class="comment"> * <span class="doctag">@param <span class="type">&#123;array&#125;</span> </span>key 加密key</span></span><br><span class="line"><span class="comment"> */</span></span><br><span class="line"><span class="function"><span class="keyword">function</span> <span class="title">aesEncrypt</span>(<span class="params">text, key</span>) </span>&#123;</span><br><span class="line">  <span class="keyword">const</span> textBytes = aesjs.utils.utf8.toBytes(text); <span class="comment">// 把字符串转换成二进制数据</span></span><br><span class="line"></span><br><span class="line">  <span class="comment">// 这边使用CTR-Counter加密模式，还有其他模式可以选择，具体可以参考aes加密库</span></span><br><span class="line">  <span class="keyword">const</span> aesCtr = <span class="keyword">new</span> aesjs.ModeOfOperation.ctr(key, <span class="keyword">new</span> aesjs.Counter(<span class="number">5</span>));</span><br><span class="line"></span><br><span class="line">  <span class="keyword">const</span> encryptedBytes = aesCtr.encrypt(textBytes); <span class="comment">// 进行加密</span></span><br><span class="line">  <span class="keyword">const</span> encryptedHex = aesjs.utils.hex.fromBytes(encryptedBytes); <span class="comment">// 把二进制数据转成十六进制</span></span><br><span class="line"></span><br><span class="line">  <span class="keyword">return</span> encryptedHex;</span><br><span class="line">&#125;</span><br><span class="line"></span><br><span class="line"><span class="comment">/**</span></span><br><span class="line"><span class="comment"> * aes解密方法</span></span><br><span class="line"><span class="comment"> * <span class="doctag">@param <span class="type">&#123;string&#125;</span> </span>encryptedHex 加密的字符串</span></span><br><span class="line"><span class="comment"> * <span class="doctag">@param <span class="type">&#123;array&#125;</span> </span>key 加密key</span></span><br><span class="line"><span class="comment"> */</span></span><br><span class="line"><span class="function"><span class="keyword">function</span> <span class="title">aesDecrypt</span>(<span class="params">encryptedHex, key</span>) </span>&#123;</span><br><span class="line">  <span class="keyword">const</span> encryptedBytes = aesjs.utils.hex.toBytes(encryptedHex); <span class="comment">// 把十六进制数据转成二进制</span></span><br><span class="line">  <span class="keyword">const</span> aesCtr = <span class="keyword">new</span> aesjs.ModeOfOperation.ctr(key, <span class="keyword">new</span> aesjs.Counter(<span class="number">5</span>));</span><br><span class="line"></span><br><span class="line">  <span class="keyword">const</span> decryptedBytes = aesCtr.decrypt(encryptedBytes); <span class="comment">// 进行解密</span></span><br><span class="line">  <span class="keyword">const</span> decryptedText = aesjs.utils.utf8.fromBytes(decryptedBytes); <span class="comment">// 把二进制数据转成utf-8字符串</span></span><br><span class="line"></span><br><span class="line">  <span class="keyword">return</span> decryptedText;</span><br><span class="line">&#125;</span><br></pre>
                  </td>
                </tr>
              </table>
            </figure>

            <p>3、请求登录</p>
            <figure class="highlight js">
              <table>
                <tr>
                  <td class="gutter">
                    <pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br></pre>
                  </td>
                  <td class="code">
                    <pre><span class="line"><span class="comment">/**</span></span><br><span class="line"><span class="comment"> * 登陆接口</span></span><br><span class="line"><span class="comment"> */</span></span><br><span class="line"><span class="function"><span class="keyword">function</span> <span class="title">submitFn</span>(<span class="params"></span>) </span>&#123;</span><br><span class="line">  <span class="keyword">const</span> userName = <span class="built_in">document</span>.querySelector(<span class="string">&quot;#userName&quot;</span>).value;</span><br><span class="line">  <span class="keyword">const</span> password = <span class="built_in">document</span>.querySelector(<span class="string">&quot;#password&quot;</span>).value;</span><br><span class="line">  <span class="keyword">const</span> data = &#123;</span><br><span class="line">    userName,</span><br><span class="line">    password,</span><br><span class="line">  &#125;;</span><br><span class="line"></span><br><span class="line">  <span class="keyword">const</span> text = <span class="built_in">JSON</span>.stringify(data);</span><br><span class="line">  <span class="keyword">const</span> sendData = aesEncrypt(text, aesKey); <span class="comment">// 把要发送的数据转成字符串进行加密</span></span><br><span class="line">  <span class="built_in">console</span>.log(<span class="string">&quot;发送数据&quot;</span>, text);</span><br><span class="line"></span><br><span class="line">  <span class="keyword">const</span> encrypt = <span class="keyword">new</span> JSEncrypt();</span><br><span class="line">  encrypt.setPublicKey(publicKey);</span><br><span class="line">  <span class="keyword">const</span> encrypted = encrypt.encrypt(aesKey.toString()); <span class="comment">// 把aesKey进行非对称加密</span></span><br><span class="line"></span><br><span class="line">  <span class="keyword">const</span> url = <span class="string">&quot;http://localhost:3000/login&quot;</span>;</span><br><span class="line">  <span class="keyword">const</span> params = &#123; <span class="attr">id</span>: <span class="number">0</span>, <span class="attr">data</span>: &#123; <span class="attr">param1</span>: sendData, <span class="attr">param2</span>: encrypted &#125; &#125;;</span><br><span class="line"></span><br><span class="line">  axios(&#123;</span><br><span class="line">    method: <span class="string">&quot;POST&quot;</span>,</span><br><span class="line">    headers: &#123; <span class="string">&quot;content-type&quot;</span>: <span class="string">&quot;application/x-www-form-urlencoded&quot;</span> &#125;,</span><br><span class="line">    url: url,</span><br><span class="line">    data: <span class="built_in">JSON</span>.stringify(params),</span><br><span class="line">  &#125;)</span><br><span class="line">    .then(<span class="function"><span class="keyword">function</span> (<span class="params">result</span>) </span>&#123;</span><br><span class="line">      <span class="keyword">const</span> reciveData = aesDecrypt(result.data.data, aesKey); <span class="comment">// 用aesKey进行解密</span></span><br><span class="line">      <span class="built_in">console</span>.log(<span class="string">&quot;接收数据&quot;</span>, reciveData);</span><br><span class="line">    &#125;)</span><br><span class="line">    .catch(<span class="function"><span class="keyword">function</span> (<span class="params">error</span>) </span>&#123;</span><br><span class="line">      <span class="built_in">console</span>.log(<span class="string">&quot;error&quot;</span>, error);</span><br><span class="line">    &#125;);</span><br><span class="line">&#125;</span><br></pre>
                  </td>
                </tr>
              </table>
            </figure>

            <h3 id="服务端（Node）："><a href="#服务端（Node）：" class="headerlink" title="服务端（Node）："></a>服务端（Node）：</h3>
            <ul>
              <li>AES库(aes-js)：<a target="_blank" rel="noopener" href="https://github.com/ricmoo/aes-js">https://github.com/ricmoo/aes-js</a></li>
              <li>RSA 库(node-rsa)：<a target="_blank" rel="noopener" href="https://github.com/rzcoder/node-rsa">https://github.com/rzcoder/node-rsa</a></li>
              <li>具体代码实现登录接口</li>
            </ul>
            <p>1、引用加密库</p>
            <figure class="highlight js">
              <table>
                <tr>
                  <td class="gutter">
                    <pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre>
                  </td>
                  <td class="code">
                    <pre><span class="line"><span class="keyword">const</span> http = <span class="built_in">require</span>(<span class="string">&quot;http&quot;</span>);</span><br><span class="line"><span class="keyword">const</span> aesjs = <span class="built_in">require</span>(<span class="string">&quot;aes-js&quot;</span>);</span><br><span class="line"><span class="keyword">const</span> NodeRSA = <span class="built_in">require</span>(<span class="string">&quot;node-rsa&quot;</span>);</span><br><span class="line"><span class="keyword">const</span> rsaKey = <span class="keyword">new</span> NodeRSA(&#123; <span class="attr">b</span>: <span class="number">1024</span> &#125;); <span class="comment">// key的size为1024位</span></span><br><span class="line"><span class="keyword">let</span> aesKey = <span class="literal">null</span>; <span class="comment">// 用于保存客户端的aesKey</span></span><br><span class="line"><span class="keyword">let</span> privateKey = <span class="string">&quot;&quot;</span>; <span class="comment">// 用于保存服务端的公钥</span></span><br><span class="line"></span><br><span class="line">rsaKey.setOptions(&#123; <span class="attr">encryptionScheme</span>: <span class="string">&quot;pkcs1&quot;</span> &#125;); <span class="comment">// 设置加密模式</span></span><br></pre>
                  </td>
                </tr>
              </table>
            </figure>

            <p>2、实现 login 接口</p>
            <figure class="highlight js">
              <table>
                <tr>
                  <td class="gutter">
                    <pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br></pre>
                  </td>
                  <td class="code">
                    <pre><span class="line">http</span><br><span class="line">  .createServer(<span class="function">(<span class="params">request, response</span>) =&gt;</span> &#123;</span><br><span class="line">    response.setHeader(<span class="string">&quot;Access-Control-Allow-Origin&quot;</span>, <span class="string">&quot;*&quot;</span>);</span><br><span class="line">    response.setHeader(<span class="string">&quot;Access-Control-Allow-Headers&quot;</span>, <span class="string">&quot;Content-Type&quot;</span>);</span><br><span class="line">    response.setHeader(<span class="string">&quot;Content-Type&quot;</span>, <span class="string">&quot;application/json&quot;</span>);</span><br><span class="line">    <span class="keyword">switch</span> (request.method) &#123;</span><br><span class="line">      <span class="keyword">case</span> <span class="string">&quot;GET&quot;</span>:</span><br><span class="line">        <span class="keyword">if</span> (request.url === <span class="string">&quot;/getPub&quot;</span>) &#123;</span><br><span class="line">          <span class="keyword">const</span> publicKey = rsaKey.exportKey(<span class="string">&quot;public&quot;</span>);</span><br><span class="line">          privateKey = rsaKey.exportKey(<span class="string">&quot;private&quot;</span>);</span><br><span class="line">          response.writeHead(<span class="number">200</span>);</span><br><span class="line">          response.end(<span class="built_in">JSON</span>.stringify(&#123; <span class="attr">result</span>: <span class="literal">true</span>, <span class="attr">data</span>: publicKey &#125;)); <span class="comment">// 把公钥发送给客户端</span></span><br><span class="line">          <span class="keyword">return</span>;</span><br><span class="line">        &#125;</span><br><span class="line">        <span class="keyword">break</span>;</span><br><span class="line">      <span class="keyword">case</span> <span class="string">&quot;POST&quot;</span>:</span><br><span class="line">        <span class="keyword">if</span> (request.url === <span class="string">&quot;/login&quot;</span>) &#123;</span><br><span class="line">          <span class="keyword">let</span> str = <span class="string">&quot;&quot;</span>;</span><br><span class="line">          request.on(<span class="string">&quot;data&quot;</span>, <span class="function"><span class="keyword">function</span> (<span class="params">chunk</span>) </span>&#123;</span><br><span class="line">            str += chunk;</span><br><span class="line">          &#125;);</span><br><span class="line">          request.on(<span class="string">&quot;end&quot;</span>, <span class="function"><span class="keyword">function</span> (<span class="params"></span>) </span>&#123;</span><br><span class="line">            <span class="keyword">const</span> params = <span class="built_in">JSON</span>.parse(str);</span><br><span class="line">            <span class="keyword">const</span> reciveData = decrypt(params.data);</span><br><span class="line">            <span class="built_in">console</span>.log(<span class="string">&quot;reciveData&quot;</span>, reciveData);</span><br><span class="line">            <span class="comment">// 一系列处理之后</span></span><br><span class="line"></span><br><span class="line">            response.writeHead(<span class="number">200</span>);</span><br><span class="line">            response.end(</span><br><span class="line">              <span class="built_in">JSON</span>.stringify(&#123;</span><br><span class="line">                result: <span class="literal">true</span>,</span><br><span class="line">                data: aesEncrypt(</span><br><span class="line">                  <span class="built_in">JSON</span>.stringify(&#123; <span class="attr">userId</span>: <span class="number">123</span>, <span class="attr">address</span>: <span class="string">&quot;杭州&quot;</span> &#125;), <span class="comment">// 这个数据会被加密</span></span><br><span class="line">                  aesKey</span><br><span class="line">                ),</span><br><span class="line">              &#125;)</span><br><span class="line">            );</span><br><span class="line">          &#125;);</span><br><span class="line">          <span class="keyword">return</span>;</span><br><span class="line">        &#125;</span><br><span class="line">        <span class="keyword">break</span>;</span><br><span class="line">      <span class="keyword">default</span>:</span><br><span class="line">        <span class="keyword">break</span>;</span><br><span class="line">    &#125;</span><br><span class="line">    response.writeHead(<span class="number">404</span>);</span><br><span class="line">    response.end();</span><br><span class="line">  &#125;)</span><br><span class="line">  .listen(<span class="number">3000</span>);</span><br></pre>
                  </td>
                </tr>
              </table>
            </figure>

            <p>3、加密和解密方法</p>
            <figure class="highlight js">
              <table>
                <tr>
                  <td class="gutter">
                    <pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br></pre>
                  </td>
                  <td class="code">
                    <pre><span class="line"><span class="function"><span class="keyword">function</span> <span class="title">decrypt</span>(<span class="params">&#123; param1, param2 &#125;</span>) </span>&#123;</span><br><span class="line">  <span class="keyword">const</span> decrypted = rsaKey.decrypt(param2, <span class="string">&quot;utf8&quot;</span>); <span class="comment">// 解密得到aesKey</span></span><br><span class="line">  aesKey = decrypted.split(<span class="string">&quot;,&quot;</span>).map(<span class="function">(<span class="params">item</span>) =&gt;</span> &#123;</span><br><span class="line">    <span class="keyword">return</span> +item;</span><br><span class="line">  &#125;);</span><br><span class="line"></span><br><span class="line">  <span class="keyword">return</span> aesDecrypt(param1, aesKey);</span><br><span class="line">&#125;</span><br><span class="line"></span><br><span class="line"><span class="comment">/**</span></span><br><span class="line"><span class="comment"> * aes解密方法</span></span><br><span class="line"><span class="comment"> * <span class="doctag">@param <span class="type">&#123;string&#125;</span> </span>encryptedHex 加密的字符串</span></span><br><span class="line"><span class="comment"> * <span class="doctag">@param <span class="type">&#123;array&#125;</span> </span>key 加密key</span></span><br><span class="line"><span class="comment"> */</span></span><br><span class="line"><span class="function"><span class="keyword">function</span> <span class="title">aesDecrypt</span>(<span class="params">encryptedHex, key</span>) </span>&#123;</span><br><span class="line">  <span class="keyword">const</span> encryptedBytes = aesjs.utils.hex.toBytes(encryptedHex); <span class="comment">// 把十六进制转成二进制数据</span></span><br><span class="line">  <span class="keyword">const</span> aesCtr = <span class="keyword">new</span> aesjs.ModeOfOperation.ctr(key, <span class="keyword">new</span> aesjs.Counter(<span class="number">5</span>)); <span class="comment">// 这边使用CTR-Counter加密模式，还有其他模式可以选择，具体可以参考aes加密库</span></span><br><span class="line"></span><br><span class="line">  <span class="keyword">const</span> decryptedBytes = aesCtr.decrypt(encryptedBytes); <span class="comment">// 进行解密</span></span><br><span class="line">  <span class="keyword">const</span> decryptedText = aesjs.utils.utf8.fromBytes(decryptedBytes); <span class="comment">// 把二进制数据转成字符串</span></span><br><span class="line"></span><br><span class="line">  <span class="keyword">return</span> decryptedText;</span><br><span class="line">&#125;</span><br><span class="line"></span><br><span class="line"><span class="comment">/**</span></span><br><span class="line"><span class="comment"> * aes加密方法</span></span><br><span class="line"><span class="comment"> * <span class="doctag">@param <span class="type">&#123;string&#125;</span> </span>text 待加密的字符串</span></span><br><span class="line"><span class="comment"> * <span class="doctag">@param <span class="type">&#123;array&#125;</span> </span>key 加密key</span></span><br><span class="line"><span class="comment"> */</span></span><br><span class="line"><span class="function"><span class="keyword">function</span> <span class="title">aesEncrypt</span>(<span class="params">text, key</span>) </span>&#123;</span><br><span class="line">  <span class="keyword">const</span> textBytes = aesjs.utils.utf8.toBytes(text); <span class="comment">// 把字符串转成二进制数据</span></span><br><span class="line">  <span class="keyword">const</span> aesCtr = <span class="keyword">new</span> aesjs.ModeOfOperation.ctr(key, <span class="keyword">new</span> aesjs.Counter(<span class="number">5</span>));</span><br><span class="line"></span><br><span class="line">  <span class="keyword">const</span> encryptedBytes = aesCtr.encrypt(textBytes); <span class="comment">// 加密</span></span><br><span class="line">  <span class="keyword">const</span> encryptedHex = aesjs.utils.hex.fromBytes(encryptedBytes); <span class="comment">// 把二进制数据转成十六进制</span></span><br><span class="line"></span><br><span class="line">  <span class="keyword">return</span> encryptedHex;</span><br><span class="line">&#125;</span><br></pre>
                  </td>
                </tr>
              </table>
            </figure>

            <ul>
              <li>完整的示例代码：<a target="_blank" rel="noopener" href="https://github.com/Pulset/FrontDataEncrypt">https://github.com/Pulset/FrontDataEncrypt</a></li>
            </ul>
            <h2 id="演示效果"><a href="#演示效果" class="headerlink" title="演示效果"></a>演示效果</h2>
            <p><img src="" data-original="/images/FrontEnd/0015.gif" alt="图片"></p>
            <h2 id="总结"><a href="#总结" class="headerlink" title="总结"></a>总结</h2>
            <p>本文主要介绍了一些前端安全方面的知识和具体加密方案的实现。为了保护客户的隐私数据，不管是 HTTP 还是 HTTPS，都建议密文传输信息，让破解者增加一点攻击难度吧。当然数据加解密也会带来一定性能上的消耗，这个需要各位开发者各自衡量了。</p>
            <h1 id="参考文献"><a href="#参考文献" class="headerlink" title="参考文献"></a>参考文献</h1>
            <p><strong>看完这篇文章，我奶奶都懂了 https 的原理</strong> (<a target="_blank" rel="noopener" href="https://www.cnblogs.com/sujing/p/10927569.html">https://www.cnblogs.com/sujing/p/10927569.html</a>)</p>
            <p><strong>中间人攻击</strong> (<a target="_blank" rel="noopener" href="https://zh.wikipedia.org/wiki/%E4%B8%AD%E9%97%B4%E4%BA%BA%E6%94%BB%E5%87%BB">https://zh.wikipedia.org/wiki/%E4%B8%AD%E9%97%B4%E4%BA%BA%E6%94%BB%E5%87%BB</a>)</p>
            <p><a target="_blank" rel="noopener" href="https://blog.csdn.net/weixin_40906515/article/details/109153069">https://blog.csdn.net/weixin_40906515/article/details/109153069</a></p>
            <p><strong>21种Web应用程序中处理密码的最佳做法</strong> <a target="_blank" rel="noopener" href="https://mp.weixin.qq.com/s/Wr0yoc275pGSuDAOrwuwpw">https://mp.weixin.qq.com/s/Wr0yoc275pGSuDAOrwuwpw</a></p>

          </div>





          <footer class="post-footer">
            <div class="post-tags">
              <a href="/tags/FrontEnd/" rel="tag"># FrontEnd</a>
              <a href="/tags/%E5%8A%A0%E5%AF%86/" rel="tag"># 加密</a>
              <a href="/tags/%E5%AF%B9%E7%A7%B0%E5%8A%A0%E5%AF%86/" rel="tag"># 对称加密</a>
              <a href="/tags/%E9%9D%9E%E5%AF%B9%E7%A7%B0%E5%8A%A0%E5%AF%86/" rel="tag"># 非对称加密</a>
            </div>



            <div class="post-nav">
              <div class="post-nav-item">
                <a href="/blob/2021-05-10-browser-rendering-process/" rel="prev" title="浏览器的渲染过程">
                  <i class="fa fa-chevron-left"></i> 浏览器的渲染过程
                </a>
              </div>
              <div class="post-nav-item">
                <a href="/blob/2021-05-31-automatic-upload-of-small-program-code-command-line/" rel="next" title="小程序代码命令行自动上传">
                  小程序代码命令行自动上传 <i class="fa fa-chevron-right"></i>
                </a>
              </div>
            </div>
          </footer>
        </article>
      </div>







      <script>
        window.addEventListener('tabs:register', () => {
          let {
            activeClass
          } = CONFIG.comments;
          if (CONFIG.comments.storage) {
            activeClass = localStorage.getItem('comments_active') || activeClass;
          }
          if (activeClass) {
            const activeTab = document.querySelector(`a[href="#comment-${activeClass}"]`);
            if (activeTab) {
              activeTab.click();
            }
          }
        });
        if (CONFIG.comments.storage) {
          window.addEventListener('tabs:click', event => {
            if (!event.target.matches('.tabs-comment .tab-content .tab-pane')) return;
            const commentClass = event.target.classList[1];
            localStorage.setItem('comments_active', commentClass);
          });
        }
      </script>
    </div>
  </main>

  <footer class="footer">
    <div class="footer-inner">


      <div class="copyright">
        &copy;
        <span itemprop="copyrightYear">2021</span>
        <span class="with-love">
          <i class="fa fa-heart"></i>
        </span>
        <span class="author" itemprop="copyrightHolder">holidaypenguin</span>
      </div>
      <div class="powered-by">由 <a href="https://hexo.io/" class="theme-link" rel="noopener" target="_blank">Hexo</a> & <a href="https://theme-next.js.org/mist/" class="theme-link" rel="noopener" target="_blank">NexT.Mist</a> 强力驱动
      </div>

    </div>
  </footer>


  <script size="300" alpha="0.1" zIndex="-1" src="https://cdn.jsdelivr.net/npm/ribbon.js@1.0.2/dist/ribbon.min.js"></script>
  <script src="https://cdn.jsdelivr.net/npm/animejs@3.2.1/lib/anime.min.js"></script>
  <script src="/js/love.js"></script>

  <script src="/js/development.js"></script>
  <script src="/js/utils.js"></script>
  <script src="/js/motion.js"></script>
  <script src="/js/schemes/muse.js"></script>
  <script src="/js/next-boot.js"></script>


  <script src="/js/local-search.js"></script>









  <script>
    (function() {
      function leancloudSelector(url) {
        url = encodeURI(url);
        return document.getElementById(url).querySelector('.leancloud-visitors-count');
      }

      function addCount(Counter) {
        const visitors = document.querySelector('.leancloud_visitors');
        const url = decodeURI(visitors.id);
        const title = visitors.dataset.flagTitle;

        Counter('get', '/classes/Counter?where=' + encodeURIComponent(JSON.stringify({
            url
          })))
          .then(response => response.json())
          .then(({
            results
          }) => {
            if (results.length > 0) {
              const counter = results[0];
              leancloudSelector(url).innerText = counter.time + 1;
              Counter('put', '/classes/Counter/' + counter.objectId, {
                  time: {
                    '__op': 'Increment',
                    'amount': 1
                  }
                })
                .catch(error => {
                  console.error('Failed to save visitor count', error);
                });
            } else {
              Counter('post', '/classes/Counter', {
                  title,
                  url,
                  time: 1
                })
                .then(response => response.json())
                .then(() => {
                  leancloudSelector(url).innerText = 1;
                })
                .catch(error => {
                  console.error('Failed to create', error);
                });
            }
          })
          .catch(error => {
            console.error('LeanCloud Counter Error', error);
          });
      }

      function showTime(Counter) {
        const visitors = document.querySelectorAll('.leancloud_visitors');
        const entries = [...visitors].map(element => {
          return decodeURI(element.id);
        });

        Counter('get', '/classes/Counter?where=' + encodeURIComponent(JSON.stringify({
            url: {
              '$in': entries
            }
          })))
          .then(response => response.json())
          .then(({
            results
          }) => {
            for (let url of entries) {
              const target = results.find(item => item.url === url);
              leancloudSelector(url).innerText = target ? target.time : 0;
            }
          })
          .catch(error => {
            console.error('LeanCloud Counter Error', error);
          });
      }

      const {
        app_id,
        app_key,
        server_url
      } = {
        "enable": true,
        "app_id": "povuqNsSqFodlakVIwtEX5kb-gzGzoHsz",
        "app_key": "zXD40RDtDB3DMtpC89k0AK7g",
        "server_url": null,
        "security": false
      };

      function fetchData(api_server) {
        const Counter = (method, url, data) => {
          return fetch(`${api_server}/1.1${url}`, {
            method,
            headers: {
              'X-LC-Id': app_id,
              'X-LC-Key': app_key,
              'Content-Type': 'application/json',
            },
            body: JSON.stringify(data)
          });
        };
        if (CONFIG.page.isPost) {
          if (CONFIG.hostname !== location.hostname) return;
          addCount(Counter);
        } else if (document.querySelectorAll('.post-title-link').length >= 1) {
          showTime(Counter);
        }
      }

      const api_server = app_id.slice(-9) === '-MdYXbMMI' ? `https://${app_id.slice(0, 8).toLowerCase()}.api.lncldglobal.com` : server_url;

      if (api_server) {
        fetchData(api_server);
      } else {
        fetch('https://app-router.leancloud.cn/2/route?appId=' + app_id)
          .then(response => response.json())
          .then(({
            api_server
          }) => {
            fetchData('https://' + api_server);
          });
      }
    })();
  </script>



<script>
            window.imageLazyLoadSetting = {
                isSPA: false,
                preloadRatio: 1,
                processImages: null,
            };
        </script><script>window.addEventListener("load",function(){var t=/\.(gif|jpg|jpeg|tiff|png)$/i,r=/^data:image\/[a-z]+;base64,/;Array.prototype.slice.call(document.querySelectorAll("img[data-original]")).forEach(function(a){var e=a.parentNode;"A"===e.tagName&&(e.href.match(t)||e.href.match(r))&&(e.href=a.dataset.original)})});</script><script>!function(n){n.imageLazyLoadSetting.processImages=o;var e=n.imageLazyLoadSetting.isSPA,i=n.imageLazyLoadSetting.preloadRatio||1,r=Array.prototype.slice.call(document.querySelectorAll("img[data-original]"));function o(){e&&(r=Array.prototype.slice.call(document.querySelectorAll("img[data-original]")));for(var t,a=0;a<r.length;a++)0<=(t=(t=r[a]).getBoundingClientRect()).bottom&&0<=t.left&&t.top<=(n.innerHeight*i||document.documentElement.clientHeight*i)&&function(){var t,e,n,i,o=r[a];t=o,e=function(){r=r.filter(function(t){return o!==t})},n=new Image,i=t.getAttribute("data-original"),n.onload=function(){t.src=i,e&&e()},t.src!==i&&(n.src=i)}()}o(),n.addEventListener("scroll",function(){var t,e;t=o,e=n,clearTimeout(t.tId),t.tId=setTimeout(function(){t.call(e)},500)})}(this);</script></body>

</html>